Stepping in mythical maturity mud puddles

While this is something I’ve written about before, it’s not normally something that comes up quite so strongly and quite so often in the same day. That “something” is the myth of some magical level of maturity in your security program when “things will happen.”

When we get [magical maturity level], then we can be more focused on the business.

When we get [magical maturity level], then we can adopt a framework.

When we get [magical maturity level], then we can be less focused on operations.

Unfortunately, like most myths, there’s some truth to them. For example, one of my favorite takes on the legend of King Arthur was a book I read when I was an exchange student in Clare, South Australia. It was written by Rosemary Sutcliff in 1963, and is called Sword at Sunset.

Unlike most of the stuff written about Arthur (another of hers was a more “traditional” take that was also quite excellent), she tried to imagine what kind of real-life events might have taken place in history to inspire the story that most people have encountered in some form many times during their life.

Instead of the whole sword, stone, Merlin and magic, she set the story in the time after the Roman occupation of Britain in the 5th Century, and Artos (“Arthur”) leads a pretty dramatically different life than he does most versions of the story. It was dark, it talked about the way live might’ve been at that time, and it talked about the gruesome realities of war and the impact a real leader on a superbly impressive horse can have when supported by a Company of dedicated men.

Of course, it was historical fiction, but it was GOOD historical fiction that really made a compelling case for some real origin to a popular myth most recently, for me at least, appearing in the latest HellBoy film.

In the case of the magical maturity level, there are some realities that do indeed make life difficult when you don’t really have your security program running like a finely tuned F1 racer.

One of those is that everyone tends to do their own thing, because there’s nobody available to tell them not to, and, people are still trying to figure out what works. And another of those things is that everyone’s pretty jumpy about…well…everything, because there’s no good way to prove with any certainty that you’re not suddenly going to be the victim of the next, high-profile cyber attack that makes front-page news.

Those are facts, and yes…they’re a pain in the arse.

But there’s another – often overlooked – fact about maturity.

Maturity isn’t some magic spell whispered on the mist by a mythical magician like Merlin.

Maturity is something that comes after…wait for it…

…a helluva lot of hard work.

But even before all that hard work, someone does something that actually IS kinda magical:

They make a decision.

They make a decision to change.

They make a decision to lead, and…not only that…

…they make a decision to lead by example.

One of the many things I liked about the founder of SEAL Team 6, the Rogue Warrior himself, “Demo” Dick Marcinko was his simplest expression of leadership—the mantra of:

“Follow me!”

And that’s the real secret to security maturity. Maturity results from a single person making the decision to do something better…more focused…more repeatable…and more effective.

It’s the decision that changes everything.

It’s the decision that can actually be made anywhere…

But if you’re sitting in a leadership role in your security team – and that includes you as a security architect – then it also means that not only can you make that decision…

…you also have the influence to make it stick.

Alternatively, you can just wait around until either:

that magic maturity level finally does manifest, or

you get tired of waiting and jump to your next position…

…unfortunately, often finding that the grass isn’t any greener on the maturity scale on that side of the fence than it was where you were.

How do you have the confidence to make that decision?

Well…I’m glad you asked. That’s where I might be able to help you—and, until the end of next week, I can potentially help you for a lot less dosh than it would ordinarily take to be part of the next cohort of our flagship, online training course, Building Effective Security Architectures.

Once you’ve gone through the course, you’ll be well versed – and have demonstrable security architecture skills – in using The Agile Security System™ to build real SABSA® security architectures. It’sdeliberately engineered to make sure you don’t get lost, you don’t get overwhelmed, and you DO get the opportunity to actually develop practical skills you can use right away…

Even though the next cohort of the course (where you go through the course along with up to 20 of your fellow security architects in real time) isn’t until February, that’s EXACTLY the reason that you can get a 60% discount if you register before the mystical, magical Friday the 13th of December DEADline.

If you’re feeling suitably magical…or even revolutionary, then here’s the link:

EMAIL NEWSLETTER

Want to get DAILY email tips on how to build a more effective security program so you can prove your security investments deliver value to the business?

Your nameYour best email

I understand and agree that when I sign up above, I will be added to a marketing mailing list where I will receive DAILY security leadership tips and promotional offers from Andrew S. Townley according to the terms of Archistry's privacy policy and site terms and conditions.

You can always unsubscribe at any time, and we won't sell your data to third parties.

About Us

Archistry works with you to ensure what you want to achieve actually gets done, linking strategy, risk, governance and compliance to enable sustained exceptional performance Read More…

Testimonials

Andrew is a highly skilled and experienced information systems
architect and consultant, which in my view is a rare thing. He is
innovative in his thinking and merits the title of 'thought
leader' in his specialist domains of knowledge—in particular the
management of risk. Andrew has embraced SABSA as a framework and,
in doing so, has been a significant contributor to extending the
SABSA body of knowledge."

— John Sherwood, Chief SABSA Architect

"Fabulous person to work with. Very engaging and insightful. Extremely
good technical knowledge with ability to relate concepts together and
overcome differing opinions. Makes things work."

"Andrew was able to bring clarity and great depth of knowledge to the
table. His breadth of thinking and understanding of the business
and technical issues along with a clear and effective
communication style were of great benefit in moving the process
forward towards a successful conclusion."

— Doug Reynolds, Product Manager, MobileAware

"Andrew is a fabulous consultant and presenter that you simply
enjoy listening to, as he manages to develop highly sophisticated
subjects in very understandable way. His experience is actually
surprising and his thoughts leave you without considerable
arguments for any doubts in the subjects he covers."